FusionAuth/go-client

Make clientID and clientSecret optional in ExchangeOAuthCodeForAccessToken()

markschmid opened this issue · 6 comments

I think the method ExchangeOAuthCodeForAccessToken() is not taking care of the optional params clientID and clientSecret. I'm using the values "" (my take of optional), yet the response of FA is:
The request is missing a required parameter: client_id missing_client_id

Remark: In Line

restClient := c.StartAnonymous(&resp, &errors)
the client is used anonymously (without the Authorization header). I think it should support using the API Key as well.

The /oauth2/token endpoint does not accept an API key; this is why it is using the StartAnonymous.

The way the method is constructed, the client_id and client_secret are required. The Authorization header that is referred to in the comment is the HTTP Basic Authorization header which would use the client_id and client_secret in an authorization header instead of the request body.

We could update the comment since this usage does not use the HTTP Basic Authorization for client authentication.

Is there a reason you can't pass the client_id and client_secret as arguments to this method?

Thanks for the clarification. Reading the "optional" led to false conclusions on my side.

You're welcome, yes, the wording was confusing. I have updated that in commit FusionAuth/fusionauth-client-builder@32ae5b8 and dbc3c6c.

Assuming we can close out this issue?

Absolutely, thanks again!
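The two client-authentication styles discussed in this thread for /oauth2/token (client_id and client_secret in the request body, or in an HTTP Basic Authorization header), as an added Go example that is not part of the issue or of go-client. NewTokenRequest, BodyFields, the example.com URLs and the credential values are hypothetical and constructed; requests are only built, never sent.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

// NewTokenRequest builds (does not send) an authorization-code exchange; useBasic picks header over body.
// Hypothetical helper for illustration, not the go-client implementation.
func NewTokenRequest(tokenURL, code, redirectURI, clientID, clientSecret string, useBasic bool) (*http.Request, error) {
	if clientID == "" { // fail locally instead of waiting for the server's missing_client_id
		return nil, fmt.Errorf("client_id is required in the body or in the Basic header")
	}
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	if !useBasic {
		form.Set("client_id", clientID)
		form.Set("client_secret", clientSecret)
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if useBasic {
		// RFC 6749 section 2.3.1: form-encode both values before Basic encoding.
		req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
	}
	return req, nil
}

// BodyFields decodes the form body of a request built above without consuming it.
func BodyFields(req *http.Request) (url.Values, error) {
	rc, err := req.GetBody()
	if err != nil {
		return nil, err
	}
	raw, _ := io.ReadAll(rc) // in-memory reader, cannot fail
	return url.ParseQuery(string(raw))
}

func main() {
	for _, useBasic := range []bool{false, true} { // constructed sample values
		req, _ := NewTokenRequest("https://auth.example.com/oauth2/token", "sample-code", "https://app.example.com/cb", "my-client", "my-secret", useBasic)
		f, _ := BodyFields(req)
		_, _, hasBasic := req.BasicAuth()
		fmt.Printf("client_id in body=%v, Basic header=%v\n", f.Get("client_id") != "", hasBasic)
	}
}
```

Whichever style is used, the secret travels in the request, so the token URL should be HTTPS and neither the body nor the Authorization header should be written to logs.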